Samba 3.6.12 has been released upstream, fixing two security issues with SWAT. Updated package uploaded for Cauldron. Patched package uploaded for Mageia 2. Advisory: ======================== Updated samba packages fix security vulnerabilities: Samba versions before 3.6.11 and 4.0.2 are vulnerable to clickjacking in the Samba Web Administration Tool (SWAT). When the SWAT pages are integrated into a malicious web page via a frame or iframe and then overlaid by other content, an attacker could trick an administrator to potentially change Samba settings (CVE-2013-0213). Samba versions before 3.6.11 and 4.0.2 are vulnerable to a cross-site request forgery in the Samba Web Administration Tool (SWAT). By guessing a user's password and then tricking a user who is authenticated with SWAT into clicking a manipulated URL on a different web page, it is possible to manipulate SWAT (CVE-2013-0214). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0213 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0214 http://www.samba.org/samba/history/samba-3.6.12.html ======================== Updated packages in core/updates_testing: ======================== samba-server-3.6.5-2.1.mga2 samba-client-3.6.5-2.1.mga2 samba-common-3.6.5-2.1.mga2 samba-doc-3.6.5-2.1.mga2 samba-swat-3.6.5-2.1.mga2 samba-winbind-3.6.5-2.1.mga2 nss_wins-3.6.5-2.1.mga2 libsmbclient0-3.6.5-2.1.mga2 libsmbclient0-devel-3.6.5-2.1.mga2 libsmbclient0-static-devel-3.6.5-2.1.mga2 libnetapi0-3.6.5-2.1.mga2 libnetapi-devel-3.6.5-2.1.mga2 libsmbsharemodes0-3.6.5-2.1.mga2 libsmbsharemodes-devel-3.6.5-2.1.mga2 libwbclient0-3.6.5-2.1.mga2 libwbclient-devel-3.6.5-2.1.mga2 samba-virusfilter-clamav-3.6.5-2.1.mga2 samba-virusfilter-fsecure-3.6.5-2.1.mga2 samba-virusfilter-sophos-3.6.5-2.1.mga2 samba-domainjoin-gui-3.6.5-2.1.mga2 from samba-3.6.5-2.1.mga2.src.rpm
Severity: normal => major
No real PoC's, it should be sufficient to ensure samba can be configured using samba-swat and works ok.
Testing complete mga2 32 & 64 Still finds the smb server in MCC (diskdrake?) but doesn't show the shares, making it a bit useless. Mounting with the command below.. # mount -t cifs //host/share /mount/point -o username=<user>,password=<passwd> To test swat it is necessary to enable it in /etc/xinetd.d/swat by changing disable to no, then restart xinetd service. Then use your browser to log in as your root user at http://localhost:901 Confirmed I was able to log in to swat, alter settings and view the server status on 32 & 64 bit and that i could mount a 64bit share on 32 bit and 32 bit share on 64 bit using mount -t cifs
Whiteboard: (none) => mga2-32-ok mga2-64-ok
Validating Advisory & srpm in comment 0 Could sysadmin please push from core/updates_testing to core/updates Thanks!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Debian has issued an advisory for this on February 2: http://www.debian.org/security/2013/dsa-2617
URL: (none) => http://lwn.net/Vulnerabilities/536068/
Patch checked into Mageia 1 SVN.
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0035
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED